The following sub-sections will outline the various API methods present in the Merchant Warrior Transparent Redirect
- Endpoints
- Introduction
-
getAccessToken
The getAccessToken method generates a one time access token to be used with transactions
-
processCard
The processCard method is the method used to perform a purchase request
-
processAuth
The processAuth method is used to perform a pre-authorization request
-
addCard
The addCard method is used to add a new card to the MW Vault
Sandbox
POST
https://base.merchantwarrior.com/transfer/
Copy
Production
POST
https://api.merchantwarrior.com/transfer/
Copy
The Transparent Redirect (also referred to as a Direct POST) service allows merchants to host and customize a secure hosted payment page themselves, whilst assisting in reducing the scope of PCI DSS compliance.
Merchants who do not wish to store, process or transmit credit card (PAN) will be able to achieve this with this service.
Requests are generated via a form presented to the customer's browser.
You can download sample material here for examples.
The getAccessToken method generates a one time access token to be used with transactions
Required Parameters
| Parameter | Description |
|---|---|
| method | This field is case sensitive. |
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| hash | The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. This parameter is not required if you are generating an Access Token for use with the Transparent Redirect addCard method. |
| urlHash | The urlHash field is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
curl -X POST \
-d method="getAccessToken" \
-d merchantUUID="5265f8eed6a19" \
-d apiKey="ksmnwxab" \
-d hash="f518187f47bc52fe5a76a18593df72c9" \
-d urlHash="49713da3df889c861c5643107af9dcde" https://api.merchantwarrior.com/transfer/
require 'net/http'
require 'uri'
uri = URI.parse("https://api.merchantwarrior.com/transfer/")
request = Net::HTTP::Post.new(uri)
request.set_form_data(
'method' => 'getAccessToken',
'merchantUUID' => '5265f8eed6a19',
'apiKey' => 'ksmnwxab',
'hash' => 'f518187f47bc52fe5a76a18593df72c9',
'urlHash' => '49713da3df889c861c5643107af9dcde'
)
response = Net::HTTP.start(uri.hostname, uri.port, use_ssl: uri.scheme == "https") do |http|
http.request(request)
end
puts response.body
import requests
data = {
'method' : 'getAccessToken',
'merchantUUID' : '5265f8eed6a19',
'apiKey' : 'ksmnwxab',
'hash' : 'f518187f47bc52fe5a76a18593df72c9',
'urlHash' : '49713da3df889c861c5643107af9dcde'
}
r = requests.post('https://api.merchantwarrior.com/transfer/', data = data)
print(r.text)
<?php
// Setup the POST url
define('MW_API_ENDPOINT', 'https://api.merchantwarrior.com/transfer/');
// Setup POST data
$postData = array (
'method' => 'getAccessToken',
'merchantUUID' => '5265f8eed6a19',
'apiKey' => 'ksmnwxab',
'hash' => 'f518187f47bc52fe5a76a18593df72c9',
'urlHash' => '49713da3df889c861c5643107af9dcde'
);
// Setup CURL defaults
$curl = curl_init();
// Setup CURL params for this request
curl_setopt($curl, CURLOPT_HEADER, false);
curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
curl_setopt($curl, CURLOPT_URL, MW_API_ENDPOINT);
curl_setopt($curl, CURLOPT_POST, true);
curl_setopt($curl, CURLOPT_POSTFIELDS, http_build_query($postData, '', '&'));
// Run CURL
$response = curl_exec($curl);
$error = curl_error($curl);
// Check for CURL errors
if (isset($error) && strlen($error)) {
throw new Exception("CURL Error: {$error}");
}
// Parse the XML
$xml = simplexml_load_string($response);
// Convert the result from a SimpleXMLObject into an array
$xml = (array)$xml;
// Validate the response - the only successful code is 0
$status = ((int)$xml['responseCode'] === 0) ? true : false;
// Make the response a little more useable
$result = array (
'status' => $status,
'transactionID' => (isset($xml['transactionID']) ? $xml['transactionID'] : null),
'responseData' => $xml
);
exit(var_dump($result));
?>
using System;
using System.Collections.Generic;
using System.Linq;
public class Program {
public static void Main(string[] args) {
using(var client = new System.Net.WebClient()) {
byte[] response = client.UploadValues("https://api.merchantwarrior.com/transfer/",
new System.Collections.Specialized.NameValueCollection() {
{ "method", "getAccessToken" },
{ "merchantUUID", "578dd399d2373" },
{ "apiKey", "dyqxkzse" },
{ "hash", "f518187f47bc52fe5a76a18593df72c9" },
{ "urlHash", "49713da3df889c861c5643107af9dcde" },
});
String result = System.Text.Encoding.Default.GetString(response);
Console.WriteLine(result);
}
}
}
Imports System
Imports System.Collections.Generic
Imports System.Linq
Public Module Program
Public Sub Main(args As String())
Using client = New System.Net.WebClient()
Dim response As Byte() = client.UploadValues(
"https://api.merchantwarrior.com/transfer/",
New System.Collections.Specialized.NameValueCollection() From { _
{"method", "getAccessToken"}, _
{"merchantUUID", "578dd399d2373"}, _
{"apiKey", "dyqxkzse"}, _
{"hash", "f518187f47bc52fe5a76a18593df72c9"}, _
{"urlHash", "49713da3df889c861c5643107af9dcde"} _
})
Dim result As [String] = System.Text.Encoding.[Default].GetString(response)
Console.WriteLine(result)
End Using
End Sub
End Module
import java.io.*;
import java.net.*;
import java.util.*;
public class Program{
public static void main(String[] args) {
try{
URL url = new URL("https://api.merchantwarrior.com/transfer/");
Map<String, String> params = new LinkedHashMap<>();
params.put("method", "getAccessToken");
params.put("merchantUUID", "5265f8eed6a19");
params.put("apiKey", "ksmnwxab");
params.put("hash", "b55552ff426d7e3d4885465d27ea0062");
params.put("urlHash", "49713da3df889c861c5643107af9dcde");
StringBuilder postData = new StringBuilder();
for (Map.Entry<String, String> param : params.entrySet()) {
if (postData.length() != 0)
postData.append('&');
postData.append(param.getKey());
postData.append('=');
postData.append(param.getValue());
}
HttpURLConnection conn = (HttpURLConnection)url.openConnection();
conn.setRequestMethod("POST");
conn.setRequestProperty("Content-Type", "application/x-www-form-urlencoded");
conn.setDoOutput(true);
OutputStreamWriter writer = new OutputStreamWriter(conn.getOutputStream());
writer.write(postData.toString());
writer.flush();
BufferedReader reader = new BufferedReader(
new InputStreamReader(conn.getInputStream()));
String line;
StringBuilder sb = new StringBuilder();
while((line = reader.readLine()) != null){
sb.append(line);
}
System.out.println(sb.toString());
writer.close();
reader.close();
}
catch(Exception ex){
ex.printStackTrace();
}
}
}
<?xml version="1.0"?>
<mwResponse>
<responseCode>0</responseCode>
<responseMessage>Operation successful</responseMessage>
<token>578de10d9a</token>
</mwResponse>
{
"responseCode": "0",
"responseMessage": "Operation successful",
"token": "578de10d9a"
}
The processCard method is the method used to perform a purchase request
Required Parameters
| Parameter | Description |
|---|---|
| method | This field is case sensitive. |
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| transactionAmount | The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected. |
| transactionCurrency | One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive. |
| transactionProduct | A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes. |
| returnURL | The customer will be redirected to this URL upon completion of the transaction. |
| notifyURL | Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters. |
| urlHash | The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
| hashSalt | Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction. |
| customerName | This field can only contain alphanumeric characters, as well as the full stop and hyphen characters. |
| customerCountry | Two letter ISO 3166-1 alpha-2 country code. |
| customerState | Freeform field, keep consistent for your records and reporting. |
| customerCity | Freeform field, keep consistent for your records and reporting. |
| customerAddress | Freeform field. |
| customerPostCode | This can also accomodate ZIP/Post codes for international transactions. |
| paymentCardNumber | Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678). |
| paymentCardExpiry | This must be MMYY format. The month must be zero padded if it is less than 10. |
| paymentCardName | This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed. |
| hash | The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. |
Optional Parameters
| Parameter | Description |
|---|---|
| transactionReferenceID | This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received. |
| customerPhone | Anything other than +,-, space and 0-9 will be stripped. |
| customerEmail | Sending this optional parameter is highly recommended. |
| customerIP | Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended. |
| storeID | The value of this field is the merchant's store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter. |
| paymentCardCSC | This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information. |
| addCard | This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction. |
| custom1 | Freeform field. Returned as |
| custom2 | Freeform field. Returned as |
| custom3 | Freeform field. Returned as |
The processAuth method is used to perform a pre-authorization request
Required Parameters
| Parameter | Description |
|---|---|
| method | This field is case sensitive. |
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| accessToken | The value returned by the getAccessToken method. |
| transactionAmount | The amount must be formatted to have two decimal places. Any amounts without two decimal places or amounts less than one cent will be rejected. |
| transactionCurrency | One of the following: AUD, CAD, EUR, GBP, JPY, NZD, SGD, USD. This is provider dependant. Please check with MW before attempting to process transactions in any currency other than AUD. This field is case insensitive. |
| transactionProduct | A product (or sale) id or description. We recommend using an order/product id. This field’s primary purpose is to help the transaction be identifiable for reporting and accounting purposes. |
| returnURL | The customer will be redirected to this URL upon completion of the transaction. |
| notifyURL | Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters. |
| urlHash | The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
| hashSalt | Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction. |
| customerName | This field can only contain alphanumeric characters, as well as the full stop and hyphen characters. |
| customerCountry | Two letter ISO 3166-1 alpha-2 country code. |
| customerState | Freeform field, keep consistent for your records and reporting. |
| customerCity | Freeform field, keep consistent for your records and reporting. |
| customerAddress | Freeform field. |
| customerPostCode | This can also accomodate ZIP/Post codes for international transactions. |
| paymentCardNumber | Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678). |
| paymentCardExpiry | This must be MMYY format. The month must be zero padded if it is less than 10. |
| paymentCardName | This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed. |
| hash | The verification hash is a combination of the MD5 of your API Passphrase, and specific parameters sent in the transaction. See Transaction Type Hash for information on how to construct the hash correctly. |
Optional Parameters
| Parameter | Description |
|---|---|
| transactionReferenceID | This is a merchant’s unique reference ID for a transaction sent to Merchant Warrior. The main purpose of this ID is to verify the transaction via the queryCard method in the event a valid response is not received. |
| customerPhone | Anything other than +,-, space and 0-9 will be stripped. |
| customerEmail | Sending this optional parameter is highly recommended. |
| customerIP | Any valid IPv4 or IPv6 address is accepted. Sending this optional parameter is highly recommended. |
| storeID | The value of this field is the merchant's store name. Please note that you need to contact Merchant Warrior to enable the storeID feature before you can use this parameter. |
| paymentCardCSC | This is also known as the CVN or CVV/2. This is required by some Acquirers if the transaction is initiated by the customer. Please contact Merchant Warrior for more information. |
| addCard | This value is a boolean to denote whether the paymentCardNumber should automatically be added to the Merchant Warrior Vault after processing the transaction. |
| custom1 | Freeform field. Returned as |
| custom2 | Freeform field. Returned as |
| custom3 | Freeform field. Returned as |
Required Parameters
| Parameter | Description |
|---|---|
| merchantUUID | The value of this parameter is provided to you by Merchant Warrior. |
| apiKey | The value of this parameter is provided to you by Merchant Warrior. |
| accessToken | The value returned by the getAccessToken method. |
| paymentCardName | This must contain at the very least a space and no less than two characters. Only alphanumeric characters, hyphens, spaces and full stops are allowed. |
| paymentCardNumber | Only certain card numbers are deemed valid in the test environment. See Test Data for more information. Do not send separators with the card number (e.g. 1234-5678… or 1234 5678). |
| paymentCardExpiry | This must be MMYY format. The month must be zero padded if it is less than 10. |
| returnURL | The customer will be redirected to this URL upon completion of the transaction. |
| notifyURL | Asynchronous POST notifications will be sent to this URL. It is important that this URL does not contain any white space characters. |
| urlHash | The urlHash field is a combination of your API Passphrase, and specific parameters sent in the transaction. See Web URL Hash for information on how to construct the hash correctly. |
| hashSalt | Used to salt the return hash used in the 302 Redirect to redirectURL upon the completion of a transaction. |
Optional Parameters
| Parameter | Description |
|---|---|
| custom1 | Freeform field. Returned as |
| custom2 | Freeform field. Returned as |
| custom3 | Freeform field. Returned as |